How to issue a CSR with out SAN


because i’m using HPKP i created 2 Backup CSRs following this tutorial:
As the tutorial didn’t mention the subjectAltName filed and didn’t know much about certificate issuing at the time i did not set my domain name in the san field of the csr.
Now as my certificate is going to expire tomorrow i wanted to get a new certificate. For that i have to use my existing CSRs because their hash pin is known to the bowsers of my users.
I this: ./letsencrypt-auto certonly --csr my.domain.csr -d my.domain
and got: Unfortunately, your CSR needs to have a SubjectAltName for every domain. (That is also the only message in letsencrypt.log)
Is there any way i can get a certificate for my domain from my existing CSR files?

Any help is appreciated


If you still have access to the private key, you should be able to use it to generate a new CSR with the same pin hash (because the hash is derived from the public key, not the full CSR).


Thank you so much. This solved the problem


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.